Guideline(s): Implement Visual Strategies for Effective Communication of Lengthy Privacy Policies
Introduced the Privacy Nutrition Label, which applies food nutrition labelling principles to present a site's data practices (what is collected, how it is used, with whom it is shared) in a standardised, easily compared format; the two design-space papers below extend this line of work to privacy notices and privacy choices more generally.
Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, and Robert W. Reeder (2009). A "nutrition label" for privacy. In: Proceedings of the 5th Symposium on Usable Privacy and Security. New York, NY, USA: Association for Computing Machinery, 2009. (SOUPS ’09). https://doi.org/10.1145/1572532.1572538
Florian Schaub, Rebecca Balebako, Adam L Durity, and Lorrie Faith Cranor (2015). A Design Space for Effective Privacy Notices. In: Symposium on Usable Privacy and Security (SOUPS 2015). [S.l.: s.n.], p. 1–17. https://www.usenix.org/system/files/conference/soups2015/soups15-paper-schaub.pdf
Yuanyuan Feng, Yaxing Yao, and Norman Sadeh (2021). A Design Space for Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things. In CHI Conference on Human Factors in Computing Systems (CHI ’21), May 8–13, 2021, Yokohama, Japan. ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/3411764.3445148
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks
Proposed a framework to compute a privacy score for users in online social networks, indicating their potential privacy risk due to information-sharing activities. The score grows with the sensitivity of each disclosed profile item and with how visible that item is within the network, so a user who exposes sensitive items widely receives a higher score and is at greater risk.
Kun Liu and Evimaria Terzi. A Framework for Computing the Privacy Scores of Users in Online Social Networks. ACM Trans. Knowl. Discov. Data 5, 1, Article 6 (December 2010), 30 pages. https://doi.org/10.1145/1870096.1870102
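The sensitivity-times-visibility idea above, as an added example that is not code from the paper: it is modelled on the naive (non-IRT) formulation Liu and Terzi describe, where an item's sensitivity is the fraction of users who keep it hidden and a user's score is the sum over items of sensitivity times visibility. The user-by-item matrix and the visibility levels are constructed for illustration, and the normalisation of visibility to [0, 1] is an assumption of this example.

```python
"""Sensitivity-weighted privacy score over a user-by-item disclosure matrix.

Added example, not the paper's code. Modelled on the naive formulation:
  beta_i = fraction of users who hide item i   (sensitivity)
  PR(j)  = sum_i beta_i * V(i, j)              (V = normalised visibility)
The full IRT-based estimator from the paper is not reproduced here.
"""
from typing import Dict, List, Tuple

# Visibility levels (assumption): 0 = hidden, 1 = friends only, 2 = public.
MAX_LEVEL = 2

# Constructed sample data: rows are users, columns are profile items.
ITEMS = ["name", "city", "birthday", "phone", "home_address"]
RESPONSES: Dict[str, List[int]] = {
    "alice": [2, 2, 1, 0, 0],
    "bob":   [2, 1, 0, 0, 0],
    "carol": [2, 2, 2, 2, 1],
    "dave":  [1, 0, 0, 0, 0],
}


def item_sensitivity(responses: Dict[str, List[int]], items: List[str]) -> Dict[str, float]:
    """beta_i: share of users who disclose item i to nobody (level 0)."""
    n = len(responses)
    return {
        item: sum(1 for levels in responses.values() if levels[idx] == 0) / n
        for idx, item in enumerate(items)
    }


def privacy_scores(responses: Dict[str, List[int]], items: List[str],
                   max_level: int = MAX_LEVEL) -> Dict[str, float]:
    """PR(j) = sum_i beta_i * V(i, j), with V(i, j) = level / max_level."""
    beta = item_sensitivity(responses, items)
    return {
        user: sum(beta[item] * (levels[idx] / max_level)
                  for idx, item in enumerate(items))
        for user, levels in responses.items()
    }


def top_contributors(user: str, responses: Dict[str, List[int]], items: List[str],
                     max_level: int = MAX_LEVEL) -> List[Tuple[str, float]]:
    """Items ranked by their contribution to the user's score.

    The head of this list is what a risk-awareness interface would suggest
    hiding first, since it removes the most score per change.
    """
    beta = item_sensitivity(responses, items)
    levels = responses[user]
    contributions = [(item, beta[item] * (levels[idx] / max_level))
                     for idx, item in enumerate(items)]
    return sorted((c for c in contributions if c[1] > 0),
                  key=lambda c: c[1], reverse=True)


if __name__ == "__main__":
    for user, score in sorted(privacy_scores(RESPONSES, ITEMS).items(),
                              key=lambda kv: kv[1], reverse=True):
        print(f"{user:6s} score={score:.3f} "
              f"hide first={top_contributors(user, RESPONSES, ITEMS)[:1]}")
```

Note that the sensitivity estimate is population-relative: an item becomes "sensitive" because most users hide it, not because of any intrinsic property, so a score computed on one community does not transfer to another without re-estimating beta.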
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Proposed the Smart Privacy-aware Information Sharing Mechanism (SPISM), which uses machine-learning techniques to make semi-automatic decisions about sharing information and at what level of detail. This system adapts to each user’s behaviour and predicts the level of detail for each sharing decision based on personal and contextual features.
Igor Bilogrevic, Kévin Huguenin, Berker Agir, Murtuza Jadliwala, Maria Gazaki and Jean-Pierre Hubaux (2016). A machine-learning based approach to privacy-aware information-sharing in mobile social networks. Pervasive and Mobile Computing, 25, 125-142. https://doi.org/10.1016/j.pmcj.2015.01.006
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Proposed a model to predict and recommend privacy settings for text-based posts on social media. This model addresses the issue of users often misconfiguring their privacy settings due to the complexity of current systems. The model can recommend appropriate privacy settings by analyzing users' historical posts and decisions and considering factors like social context, post semantics, and specific keywords related to privacy preferences.
Lijun Chen, Ming Xu, Xue Yang, Ning Zheng, Yiming Wu, Jian Xu, Tong Qiao, and Hongbin Liu. A Privacy Settings Prediction Model for Textual Posts on Social Networks. In: Romdhani, I., Shu, L., Takahiro, H., Zhou, Z., Gordon, T., Zeng, D. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 252. Springer, Cham. https://doi.org/10.1007/978-3-030-00916-8_53
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks
Introduced a method to quantify privacy risks in social networks using a semi-supervised learning approach. The authors propose a privacy score based on user-defined visibility settings for profile items. This score aims to reflect the actual privacy leakage risk more accurately than traditional methods.
Ruggero G. Pensa and Gianpiero Di Blasi (2016). A Semi-supervised Approach to Measuring User Privacy in Online Social Networks. In: Calders, T., Ceci, M., Malerba, D. (eds) Discovery Science. DS 2016. Lecture Notes in Computer Science, vol 9956. Springer, Cham. https://doi.org/10.1007/978-3-319-46307-0_25
Guideline(s): Enable Exploration of Data Exports
Introduced TransparencyVis, a web-based tool designed to enhance the transparency and understanding of personal data collected by online services. The tool offers a TimeView, FileView, and ListView to help users explore their data exports from multiple services such as Google, Facebook, Instagram, and Twitter. It standardises data exports from different services into a unified format, facilitating comparison and analysis. The interface is tailored to ordinary internet users, who can upload and visualise their data without extensive technical knowledge. All processing happens client-side, so the exported data never leaves the user's browser.
Marija Schufrin, Steven Lamarr Reynolds, Arjan Kuijper and Jorn Kohlhammer (2021). A Visualization Interface to Improve the Transparency of Collected Personal Data on the Internet. IEEE Transactions on Visualization and Computer Graphics, v. 27, n. 2, p. 1840–1849. https://doi.org/10.1109/TVCG.2020.3028946
Guideline(s): Explore Diverse Techniques for Privacy Control
Proposed a Human-Centered Artificial Intelligence (HCAI) approach to enhance the privacy protection of elderly app users in smart cities. The authors address the limitations of the privacy self-management model, which increases the cognitive load on elderly users. They introduce two participatory privacy protection algorithms (PPPA-I and PPPA-II) to determine optimal privacy settings for Ambient Assisted Living (AAL) apps and manage runtime permission requests. These algorithms leverage expert user preferences and soft set theory to handle multi-criteria decision-making under uncertainty, ultimately reducing the cognitive burden on elderly users while ensuring robust privacy protection.
Haroon Elahi, Aniello Castiglione, Guojun Wang, and Oana Geman (2021). A human-centered artificial intelligence approach for privacy protection of elderly App users in smart cities. Neurocomputing, 444, pp.189-202. https://doi.org/10.1016/j.neucom.2020.06.149
Guideline(s): Implement Collaborative Privacy Management for Shared Data in Social Networks
Proposed a collaborative sharing model for multiparty data in OSNs. The model integrates joint sharing principles, multiparty authorisations, and a joint-ownership policy enforcement mechanism, and features a fine-grained automated conflict resolution method for shared objects. The model is formally verified with Petri nets and ontologies, and a Facebook application called "Safe-Sharing" is developed as a proof of concept.
Tahir Muhammad and Adnan Ahmad (2021). A joint sharing approach for online privacy preservation. World Wide Web, 24(3), pp.895-924. https://doi.org/10.1007/s11280-021-00876-5
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Proposed a Privacy Preference Recommender System (PPRS) that dynamically adjusts privacy settings based on contextual factors such as user behaviour, location, and activity. The system uses machine learning models to analyse real-time data from fitness devices and applications, providing personalised privacy recommendations.
Odnan Ref Sanchez, Ilaria Torre, Yangyang He, and Bart P. Knijnenburg (2020). A recommendation approach for user privacy preferences in the fitness domain. User Modeling and User-Adapted Interaction, 30, pp.513-565. https://doi.org/10.1007/s11257-019-09246-3
Guideline(s): Communicate Privacy Risk with Colour-Coded Privacy Indicators, Integrate Privacy Indicators for Informed App Selection
Presented personalised privacy notifications to align users' privacy behaviours with their attitudes. The interface highlights discrepancies between users' privacy attitudes and app permissions.
Corey Brian Jackson and Yang Wang. Addressing the privacy paradox through personalized privacy notifications. Proceedings of the ACM on interactive, mobile, wearable and ubiquitous technologies, ACM New York, NY, USA, v. 2, n. 2, p. 1–25, 2018. https://doi.org/10.1145/3214271
Guideline(s): Implement Interactive Consent Forms for Enhanced User Engagement
Designed and evaluated three interaction designs—checkboxes, drag-and-drop (DAD), and swiping—to obtain smartphone user consent. The study found that while DAD and swiping methods significantly enhance user recall and engagement compared to traditional checkboxes, they require more time to complete. Users expressed higher satisfaction with DAD over swiping and checkboxes. The study emphasizes the need for interactive consent methods to improve user understanding and compliance with legal requirements, though it also highlights the ongoing challenge of balancing usability with thoroughness in user consent processes.
Daniel Lindegren, Farzaneh Karegar, Bridget Kane & John Sören Pettersson (2021). An evaluation of three designs to engage users when providing their consent on smartphones. Behaviour & Information Technology, 40:4, p. 398-414. https://doi.org/10.1080/0144929X.2019.1697898
Guideline(s): Leverage Automated Decision-Making for Enhanced User Privacy Controls in Mobile Applications
Proposed DroidNet, an Android permission control framework that uses crowdsourcing to help users make informed decisions about app permissions. DroidNet operates in a "probation" mode for new apps, where permissions are not granted upfront. Instead, it provides recommendations based on decisions made by peer expert users. An expertise ranking algorithm using a transitional Bayesian inference model is used to identify expert users. The system offers real-time recommendations on permission requests, helping inexperienced users make safer decisions.
Bahman Rashidi, Carol Fung, Anh Nguyen, Tam Vu and Elisa Bertino (2018). Android User Privacy Preserving Through Crowdsourcing. In IEEE Transactions on Information Forensics and Security, vol. 13, no. 3, pp. 773-787, March 2018. https://doi.org/10.1109/TIFS.2017.2767019
Guideline(s): Provide Users with User-Friendly Tools to Manage Their Privacy Settings
Proposed AppMonitor, an access control framework designed to restrict the leakage of user data to third-party applications (TPAs) on online social networks (OSNs). The framework introduces a relation-based access control policy model, utilizing predicate calculus to express data access policies. AppMonitor enforces these policies, ensuring that TPAs can access only the necessary user data. The system comprises a Data Authorization Manager (DAM), a Privacy Leakage Controller (PLC), and TPA components that interact to manage data access requests and prevent unauthorized data flow.
Nemi Chandra Rathore and Somanath Tripathy (2020). AppMonitor: restricting information leakage to third-party applications. Soc. Netw. Anal. Min. 10, 49. https://doi.org/10.1007/s13278-020-00662-7
Guideline(s): Communicate Privacy Risk with Colour-Coded Privacy Indicators
Presented Aquilis, a privacy-preserving system designed for mobile devices that utilizes the principles of contextual integrity to assess and communicate privacy risks. The system takes the form of a keyboard application that provides real-time feedback on potential privacy leakages using a three-colour code scheme.
Abhishek Kumar, Tristan Braud, Young D. Kwon, and Pan Hui (2020). Aquilis: Using contextual integrity for privacy protection on mobile devices. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, ACM New York, NY, USA, v. 4, n. 4, p. 1–28, 2020. https://doi.org/10.1145/3432205
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Presented a Privacy Preference Recommender System (PPRS) designed for smart home environments, integrating Personal Data Stores (PDSs) to assist users in making data-sharing decisions.
Yashothara Shanmugarasa, Hye-young Paik, Salil S. Kanhere, and Liming Zhu (2022). Automated Privacy Preferences for Smart Home Data Sharing Using Personal Data Stores. In IEEE Security & Privacy, vol. 20, no. 1, pp. 12-22, Jan.-Feb. 2022. https://doi.org/10.1109/MSEC.2021.3106056
Guideline(s): Enhance Privacy Policy Communication with Automated Information Extraction
Proposed a system that builds a user privacy concern profile using crowdsourced data and interviews. These profiles are grouped using hierarchical clustering to create a system that matches new users to a profile cluster. The system employs Convolutional Neural Networks (CNN) and Random Forest models to analyze privacy policies, considering the user's privacy concern profile and related GDPR items.
Cheng Chang, Huaxin Li, Yichi Zhang, Suguo Du, Hui Cao, and Haojin Zhu (2019). Automated and Personalized Privacy Policy Extraction Under GDPR Consideration. In: Biagioni, E., Zheng, Y., Cheng, S. (eds) Wireless Algorithms, Systems, and Applications. WASA 2019. Lecture Notes in Computer Science, vol 11604. Springer, Cham. https://doi.org/10.1007/978-3-030-23597-0_4
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Proposed an innovative agent-based negotiation framework to manage privacy permissions between users and service providers. This framework leverages a multi-issue alternating-offer protocol that accommodates partial and complete offers, aiming to automate privacy negotiations and reduce user burden.
Dorota Filipczuk, Tim Baarslag, Enrico H. Gerding, and m. c. schraefel (2022). Automated privacy negotiations with preference uncertainty. Autonomous Agents and Multi-Agent Systems, 36(2), p.49. https://doi.org/10.1007/s10458-022-09579-1
Guideline(s): Enhance Privacy Policy Communication with Automated Information Extraction
Created PrivacyInjector, a browser extension that segments and annotates privacy policies, placing relevant segments as icon bubbles on webpages for contextual relevance.
Maximiliane Windl, Niels Henze, Albrecht Schmidt, and Sebastian S. Feger. Automating Contextual Privacy Policies: Design and Evaluation of a Production Tool for Digital Consumer Privacy Awareness. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (CHI '22). Association for Computing Machinery, New York, NY, USA, 2022, Article 34, 1–18 https://doi.org/10.1145/3491102.3517688
Guideline(s): Leverage Automated Decision-Making for Enhanced User Privacy Controls in Mobile Applications
Presented AutoPer+, an autonomous permission recommendation system for Android that leverages natural language processing (NLP) and machine learning to assist users in making permission decisions. AutoPer+ analyses app descriptions to determine the necessity of permissions, using a multi-topic model and deep semi-supervised learning with Long Short-Term Memory (LSTM) networks to identify similar apps and their permission usages. The system provides recommendations (Allow, Deny, Ask) along with explanations to help users understand the rationale behind each decision.
Hongcan Gao, Chenkai Guo, Dengrong Huang, Xiaolei Hou, Yanfeng Wu, Jing Xu, Zhen He, and Guangdong Bai (2020). Autonomous Permission Recommendation. In IEEE Access, vol. 8, pp. 76580-76594, 2020. https://doi.org/10.1109/ACCESS.2020.2967139
Guideline(s): Integrate Privacy Indicators for Informed App Selection
Presented a novel class of privacy indicators called Data Controller Indicators (DCIs). These indicators reveal smartphone apps' data collection activities by identifying which organizations are collecting data, what data is being collected, and for what purposes. The study shows that DCIs help users make more informed and confident privacy-related decisions by exposing previously hidden data flows.
Max Van Kleek, Ilaria Liccardi, Reuben Binns, Jun Zhao, Daniel J. Weitzner, and Nigel Shadbolt (2017). Better the Devil You Know: Exposing the Data Sharing Practices of Smartphone Apps. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI '17). Association for Computing Machinery, New York, NY, USA, 5208–5220. https://doi.org/10.1145/3025453.3025556
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks
Presented a new measure of privacy risk called "account reachability" (AR). The authors developed a tool called ARChecker to calculate AR. This tool analyzes a user's public account information to determine how easily a private account can be found. It provides recommendations on modifying profiles and messages to reduce privacy risks.
Ayano Yoshikuni and Chiemi Watanabe (2015). Calculation of account reachability risk for users having multiple SNS accounts from user's profile and regional information. International Journal of Web Information Systems, 11(1), 120-138. https://doi.org/10.1108/IJWIS-03-2014-0010
Guideline(s): Enhance Collaborative Privacy Management in Photo Sharing
Proposed a mechanism named Cardea, which uses context-aware mechanisms to enforce dynamic privacy settings for shared photos. It automatically blurs faces or other identifiable elements based on pre-defined user settings and context.
Jiayu Shu, Rui Zheng, and Pan Hui (2018). Cardea: context-aware visual privacy protection for photo taking and sharing. In Proceedings of the 9th ACM Multimedia Systems Conference (MMSys '18). Association for Computing Machinery, New York, NY, USA, 304–315. https://doi.org/10.1145/3204949.3204973
Guideline(s): Implement Collaborative Privacy Management for Shared Data in Social Networks
Introduced CoPE, a tool designed to enable collaborative privacy management in Online Social Networks (OSNs). Recognising that users often co-own and co-manage data like photos, the authors extend traditional access control mechanisms to include collaborative content management. CoPE allows content owners to invite tagged users (co-owners) to jointly manage shared content, specifying who can view, modify, or comment on the data. Implemented as a Facebook application, CoPE addresses privacy concerns through features like notifications, co-ownership requests, and access management.
Anna C. Squicciarini, Heng Xu, and Xiaolong Zhang (2011). CoPE: Enabling collaborative privacy management in online social networks. Journal of the American Society for Information Science and Technology 62, no. 3 (2011): 521-534. https://doi.org/10.1002/asi.21473
Guideline(s): Enhance Privacy Policy Communication through Assessment Tools
Proposed a user-centric privacy architecture aimed at providing provider-independent protection of personal data. Central to this architecture is an online privacy community that empowers users to share privacy-related information, ratings, and experiences regarding service providers.
Jan Kolter, Thomas Kernchen and Günther Pernul (2010). Collaborative privacy management. Computers & Security, 29(5), 580-591. https://doi.org/10.1016/j.cose.2009.12.007
Guideline(s): Provide Users with User-Friendly Tools to Manage Their Privacy Settings
Introduced "AudienceView," a privacy policy interface designed to help users manage personal information sharing on social network sites. The study evaluates AudienceView against Facebook's existing privacy settings interface, finding that users can modify privacy policies more confidently and in less time using AudienceView.
Jason Watson, Michael Whitney, and Heather Richter Lipford (2009). Configuring audience-oriented privacy policies. In Proceedings of the 2nd ACM workshop on Assurable and usable security configuration (SafeConfig '09). Association for Computing Machinery, New York, NY, USA, 2009, 71–78. https://doi.org/10.1145/1655062.1655076
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Presented a Consent Recommender System designed to alleviate consent fatigue by assisting users in managing privacy settings for their LinkedIn accounts. The system leverages Factorisation Machines (FMs) to model the interaction between various factors influencing user consent decisions.
Rosni K V, Manish Shukla, Vijayanand Banahatti, and Sachin Lodha (2019). Consent recommender system: A case study on LinkedIn settings. In CEUR Workshop Proceedings, Vol. 2335. https://ceur-ws.org/Vol-2335/1st_PAL_paper_12.pdf
Guideline(s): Enhance User Privacy Controls in Mobile Applications, Leverage Automated Decision-Making for Enhanced User Privacy Controls in Mobile Applications
Presented a novel privacy management system for Android that uses contextual signals to predict user privacy preferences dynamically. This system addresses the limitations of the ask-on-first-use (AOFU) model, which does not account for varying contexts in subsequent permission requests.
Primal Wijesekera, Joel Reardon, Irwin Reyes, Lynn Tsai, Jung-Wei Chen, Nathan Good, David Wagner, Konstantin Beznosov, and Serge Egelman (2018). Contextualizing Privacy Decisions for Better Prediction (and Protection). In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (CHI '18). Association for Computing Machinery, New York, NY, USA, Paper 268, 1–13. https://doi.org/10.1145/3173574.3173842
Guideline(s): Incorporate Icons to Improve Privacy Policy Communication
Developed the Data Protection Icon Set (DaPIS) using participatory design methods, incorporating aesthetics, ergonomics, and semiotics principles to create legally accurate and user-friendly icons.
Arianna Rossi and Monica Palmirani (2019). DaPIS: An Ontology-Based Data Protection Icon Set. Knowledge of the Law in the Big Data Age, IOS Press, v. 317, p. 181, 2019. https://doi.org/10.3233/FAIA190020
Guideline(s): Support the Visualisation and Comprehension of Disclosed Data
Introduced the Data Dashboard, a prototype system designed to address challenges in personal data management and curation posed by the increasing use of cloud platforms and mobile devices. The Data Dashboard provides a centralized view of personal data from multiple devices and cloud platforms, allowing users to manage their data in one place.
Francesco Vitale, Janet Chen, William Odom, and Joanna McGrenere (2020). Data Dashboard: Exploring Centralization and Customization in Personal Data Curation. In Proceedings of the 2020 ACM Designing Interactive Systems Conference (DIS '20). Association for Computing Machinery, New York, NY, USA, 311–326. https://doi.org/10.1145/3357236.3395457
Guideline(s): Integrate Privacy Indicators for Informed App Selection
Introduced the concept of Data-Driven Privacy Indicators (DDPIs) to bridge the privacy gap between user expectations and actual data access by third-party apps. DDPIs promote a data-driven approach to addressing privacy gaps. User data is analysed by a trusted entity, such as the application platform, and the result of this analysis is integrated into the indicator interface.
Hamza Harkous, Rameez Rahman, and Karl Aberer (2016). Data-Driven Privacy Indicators. In: Twelfth Symposium on Usable Privacy and Security (SOUPS 2016). [S.l.: s.n.], 2016 https://www.usenix.org/system/files/conference/soups2016/wpi16_paper-harkous.pdf
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Presented a privacy setting prediction engine designed to provide personalized default privacy settings at the time of user registration to internet services. This engine leverages users’ privacy preferences and personal attributes to predict optimal privacy settings.
Toru Nakamura, Welderufael B. Tesfay, Shinsaku Kiyomoto, and Jetzabel Serna (2017). Default privacy setting prediction by grouping user’s attributes and settings preferences. In Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2017 International Workshops, DPM 2017 and CBT 2017, Oslo, Norway, September 14-15, 2017, Proceedings (pp. 107-123). Springer International Publishing. https://doi.org/10.1007/978-3-319-67816-0_7
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Presented the Privacy Advisor, a software tool that uses Case-Based Reasoning (CBR) to assist users in making informed privacy decisions by providing personalised recommendations based on past experiences. The Privacy Advisor retrieves and adapts solutions from similar past cases to recommend privacy settings. It learns from user feedback to improve future recommendations, ensuring that privacy policies align with users' preferences and contexts.
Karin Bernsmed, Inger Anne Tøndel and Åsmund Ahlmann Nyre. Design and Implementation of a CBR-based Privacy Agent. In: Seventh International Conference on Availability, Reliability and Security, Prague, Czech Republic, 2012, 317-326. https://doi.org/10.1109/ARES.2012.60
Guideline(s): Support the Visualisation and Comprehension of Disclosed Data
Proposed a privacy dashboard designed to help users exercise their data privacy rights under the GDPR. The dashboard is specifically designed to meet the requirements of the GDPR, ensuring users can access, rectify, erase, and manage their personal data.
Philip Raschke, Axel Küpper, Olha Drozd, and Sabrina Kirrane (2018). Designing a GDPR-Compliant and Usable Privacy Dashboard. In: Hansen, M., Kosta, E., Nai-Fovino, I., Fischer-Hübner, S. (eds) Privacy and Identity Management. The Smart Revolution. Privacy and Identity 2017. IFIP Advances in Information and Communication Technology, vol 526. Springer, Cham. https://doi.org/10.1007/978-3-319-92925-5_14
Guideline(s): Communicate Privacy Risk with Colour-Coded Privacy Indicators, Integrate Privacy Indicators for Informed App Selection
Proposed privacy indicators incorporating long-term data access behaviours, context, and purpose. A prototype in the Google Play Store showed these indicators help users make safer app selections.
Gökhan Bal (2014). Designing privacy indicators for smartphone app markets: A new perspective on the nature of privacy risks of apps. In: Proceedings of the 20th Americas Conference on Information Systems, AMCIS 2014. [S.l.: s.n.], 2014. https://aisel.aisnet.org/amcis2014/MobileComputing/GeneralPresentations/6
Guideline(s): Implement Collaborative Privacy Management for Shared Data in Social Networks
Addressed privacy issues in Online Social Networks (OSNs) where multiple users co-own shared data, such as a photo in which several people are tagged. The authors propose a systematic mechanism to detect and resolve privacy conflicts in collaborative data sharing: each controller of an item specifies a multiparty privacy policy, the accessor space is segmented by which controllers permit each accessor so that conflicting segments become explicit, and each conflict is resolved by weighing the privacy risk of permitting access against the sharing loss of denying it.
Hongxin Hu, Gail-Joon Ahn, and Jan Jorgensen (2011). Detecting and resolving privacy conflicts for collaborative data sharing in online social networks. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC '11). Association for Computing Machinery, New York, NY, USA, 103–112. https://doi.org/10.1145/2076732.2076747
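The segmentation step above, as an added example that is not code from the paper: the accessor space is partitioned by the exact set of controllers permitting each accessor, and any segment not permitted by every controller is a conflict. The resolution step here uses an assumed linear trade-off between summed privacy-risk weights of the denying controllers and summed sharing-value weights of the permitting controllers; it is an illustration of the risk-versus-loss idea, not the paper's scoring function. All users, policies and weights are constructed.

```python
"""Multiparty privacy conflict detection by accessor-space segmentation.

Added example, not the paper's code. Each controller of a co-owned item
(owner, contributor, stakeholders) states which accessors may view it.
Accessors are grouped by the set of controllers that permit them; a segment
is conflicting when that set is a proper subset of all controllers. The
resolution rule and the per-controller weights are assumptions of this example.
"""
from typing import Dict, FrozenSet, Set, Tuple

# Constructed policies: controller -> accessors permitted to view the photo.
POLICIES: Dict[str, Set[str]] = {
    "alice": {"dave", "erin", "frank"},   # owner: share with all three friends
    "bob":   {"dave", "erin"},            # tagged contributor: not frank
    "carol": {"dave"},                    # stakeholder: only dave
}

# Constructed weights: controller -> (privacy sensitivity, value of sharing).
WEIGHTS: Dict[str, Tuple[float, float]] = {
    "alice": (0.3, 0.8),
    "bob":   (0.6, 0.5),
    "carol": (0.9, 0.2),
}


def segment_accessor_space(policies: Dict[str, Set[str]]) -> Dict[FrozenSet[str], Set[str]]:
    """Partition accessors by the exact set of controllers permitting them.

    Accessors named by no policy are simply denied and do not appear.
    """
    accessors = set().union(*policies.values())
    segments: Dict[FrozenSet[str], Set[str]] = {}
    for accessor in accessors:
        permitting = frozenset(c for c, allowed in policies.items() if accessor in allowed)
        segments.setdefault(permitting, set()).add(accessor)
    return segments


def conflicting_segments(policies: Dict[str, Set[str]]) -> Dict[FrozenSet[str], Set[str]]:
    """Segments permitted by some controllers but denied by at least one."""
    everyone = frozenset(policies)
    return {permitting: accs
            for permitting, accs in segment_accessor_space(policies).items()
            if permitting != everyone}


def resolve(policies: Dict[str, Set[str]], weights: Dict[str, Tuple[float, float]],
            alpha: float = 0.5) -> Dict[str, bool]:
    """Decide access per accessor.

    Assumed rule: for a conflicting segment, privacy_risk is the summed
    sensitivity of the denying controllers and sharing_loss the summed sharing
    value of the permitting ones; permit iff alpha*sharing_loss >= (1-alpha)*privacy_risk.
    Segments permitted by everyone are granted without scoring.
    """
    everyone = frozenset(policies)
    decisions: Dict[str, bool] = {}
    for permitting, accessors in segment_accessor_space(policies).items():
        if permitting == everyone:
            verdict = True
        else:
            denying = everyone - permitting
            privacy_risk = sum(weights[c][0] for c in denying)
            sharing_loss = sum(weights[c][1] for c in permitting)
            verdict = alpha * sharing_loss >= (1 - alpha) * privacy_risk
        for accessor in accessors:
            decisions[accessor] = verdict
    return decisions


if __name__ == "__main__":
    for permitting, accs in conflicting_segments(POLICIES).items():
        print(f"conflict: {sorted(accs)} permitted only by {sorted(permitting)}")
    print(resolve(POLICIES, WEIGHTS))
```

The segmentation is what makes the conflict explicit and auditable: instead of one global permit/deny, each accessor group can be shown to the controllers together with exactly who objected, which is the information a collaborative interface needs to surface.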
Guideline(s): Enhance User Privacy Controls in Mobile Applications
Introduced PmP, which distinguishes between app and third-party library data accesses, offering users contextual control over their privacy with fewer decisions required. It uses Android's permission system and the Xposed framework for runtime monitoring and control, enabling actions like allowing, denying, or faking data access.
Saksham Chitkara, Nishad Gothoskar, Suhas Harish, Jason I. Hong, and Yuvraj Agarwal (2017). Does this App Really Need My Location? Context-Aware Privacy Management for Smartphones. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 1, 3, Article 42, 2017, 22 pages https://doi.org/10.1145/3132029
Guideline(s): Implement Collaborative Privacy Management for Shared Data in Social Networks
Introduced ELVIRA, an agent designed to address multiuser privacy conflicts (MPCs) in online social networks (OSNs) by considering both the utility and moral values of users. ELVIRA's key features include role-agnosticism, adaptability, utility- and value-driven decision-making, and explainability. It supports a collaborative resolution of MPCs by identifying optimal sharing policies that balance individual utility gains and moral values. The agent explains its recommendations using argumentation, ensuring users understand the reasoning behind suggested actions.
Francesca Mosca and Jose M. Such (2021). ELVIRA: An Explainable Agent for Value and Utility-Driven Multiuser Privacy. In Proceedings of the 20th International Conference on Autonomous Agents and MultiAgent Systems (AAMAS '21). International Foundation for Autonomous Agents and Multiagent Systems, Richland, SC, 916–924. https://doi.org/10.5555/3463952.3464061
Guideline(s): Implement Visual Strategies for Effective Communication of Lengthy Privacy Policies
Investigated the impact of visual design on the effectiveness of privacy notices, exploring strategies such as framing, layout, and interactive elements to enhance user engagement and comprehension. The study found that incorporating visual cues and controls, such as sliders and interactive icons, can improve users' understanding and management of their privacy.
Agnieszka Kitkowska, Mark Warner, Yefim Shulman, Erik Wästlund and Leonardo A. Martucci (2020). Enhancing privacy through the visual design of privacy notices: Exploring the interplay of curiosity, control and affect. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020) (pp. 437-456). https://www.usenix.org/conference/soups2020/presentation/kitkowska
Guideline(s): Encourage Users to Consider Privacy Implications Before Sharing Online
Addressed teenage vulnerability to privacy risks on social networks by introducing soft-paternalism mechanisms, known as nudges, to influence user decision-making without restricting their freedom of choice.
José Alemany, Elena Del Val, Juan Alberola, and Ana García-Fornes (2019). Enhancing the privacy risk awareness of teenagers in online social networks through soft-paternalism mechanisms. International Journal of Human-Computer Studies. 2019 Sep 1;129:27-40. https://doi.org/10.1016/j.ijhcs.2019.03.008
Guideline(s): Enhance Privacy Policy Communication with Automated Information Extraction
Developed PPMark, a prototype tool designed to process privacy policies written in natural language and extract information about data collection and usage, presenting this information in a label format similar to nutrition facts.
Diego Roberto Gonçalves Pontes, Sergio Donizetti Zorzo, and Jose Santiago Moreira de Mello (2017). Evaluation of the reliability of using the prototype PPMark - a tool to support the computer human interaction in readings the privacy policies - using the GQM and TAM models. AMCIS 2017 Proceedings. 22. https://aisel.aisnet.org/amcis2017/InformationSystems/Presentations/22
Guideline(s): Promote User Awareness and Decision-Making on Permission/Authorisation Requests
Explored the idea of privacy based on user expectations of what an application should or should not do. Results are presented to users as a percentage, illustrating the extent to which these expectations were violated.
Jialiu Lin, Shahriyar Amini, Jason I. Hong, Norman Sadeh, Janne Lindqvist, and Joy Zhang (2012). Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing (UbiComp '12). Association for Computing Machinery, New York, NY, USA, 501–510. https://doi.org/10.1145/2370216.2370290
Guideline(s): Incorporate Icons to Improve Privacy Policy Communication
Presented the LPL Personal Privacy Policy User Interface (LPL PPP UI), demonstrating that icon-based interfaces can enhance the speed and accuracy of users' understanding of privacy policies, though further testing is needed.
Amin Gerl (2018). Extending layered privacy language to support privacy icons for a personal privacy policy user interface. In Proceedings of the 32nd International BCS Human Computer Interaction Conference 32, 2018, 1-5. https://doi.org/10.14236/ewic/HCI2018.177
Guideline(s): Provide Users with User-Friendly Tools to Manage Their Privacy Settings
Addressed the challenge of providing users with effective feedback on their information-sharing exposure within location-based services. The authors propose an ambient interface using the visual metaphor of eyes to represent the extent of data access. Their approach aims to help users understand and control their data exposure without detailed access logs, balancing user privacy with the need for feedback.
Roman Schlegel, Apu Kapadia, and Adam J. Lee (2011). Eyeing your exposure: quantifying and controlling information sharing for improved privacy. In Proceedings of the Seventh Symposium on Usable Privacy and Security (SOUPS '11). Association for Computing Machinery, New York, NY, USA, Article 14, 1–14. https://doi.org/10.1145/2078827.207884
Guideline(s): Integrate Automated Tools and Custom Options for Privacy Settings
Presented a method for automatically extracting and classifying opt-out choices in privacy policies, significantly improving user access to these options through a browser extension named "Opt-Out Easy."
Vinayshekhar Bannihatti Kumar, Roger Iyengar, Namita Nisal, Yuanyuan Feng, Hana Habib, Peter Story, Sushain Cherivirala, Margaret Hagan, Lorrie Cranor, Shomir Wilson, Florian Schaub, and Norman Sadeh. Finding a Choice in a Haystack: Automatic Extraction of Opt-Out Statements from Privacy Policy Text. In Proceedings of The Web Conference 2020 (WWW '20). Association for Computing Machinery, New York, NY, USA, 2020, 1943–1954. https://doi.org/10.1145/3366423.3380262
Guideline(s): Leverage Automated Decision-Making for Enhanced User Privacy Controls in Mobile Applications
Introduced a Personalised Privacy Assistant (PPA) for mobile app permissions, designed to help users manage the large number of permission decisions they need to make. The PPA predicts privacy preferences by asking users a small number of questions and matching them to privacy profiles derived from real-world data.
Bin Liu, Mads Schaarup Andersen, Florian Schaub, Hazim Almuhimedi, Shikun Zhang, Norman Sadeh, Alessandro Acquisti, and Yuvraj Agarwal (2016). Follow my recommendations: A personalized privacy assistant for mobile app permissions. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), pp. 27-41. https://www.usenix.org/conference/soups2016/technical-sessions/presentation/liu
Guideline(s): Support the Visualisation and Comprehension of Disclosed Data
Focused on designing and evaluating privacy notifications issued by Transparency-Enhancing Tools (TETs) to help users of online services make informed decisions regarding their personal data. The paper identifies and validates a set of design requirements for creating effective privacy notifications tailored for mobile health (mHealth) services. These requirements aim to reflect users' needs and enhance transparency about personal data processing.
Patrick Murmann and Farzaneh Karegar (2021). From Design Requirements to Effective Privacy Notifications: Empowering Users of Online Services to Make Informed Decisions. International Journal of Human–Computer Interaction, 37(19), 1823–1848. https://doi.org/10.1080/10447318.2021.1913859
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Proposed the "Tag-To-Protect" (T2P) system, a tag-driven policy recommender for image sharing on social network sites. The system aims to help users set privacy settings for their online images by analysing the correlations between image tags and privacy preferences.
Anna Cinzia Squicciarini, Andrea Novelli, Dan Lin, Cornelia Caragea, and Haoti Zhong (2017). From Tag to Protect: A Tag-Driven Policy Recommender System for Image Sharing. In 2017 15th Annual Conference on Privacy, Security and Trust (PST), 2017, 337-33709. https://doi.org/10.1109/PST.2017.00047
Guideline(s): Enhance Privacy Policy Communication through Assessment Tools
Developed a classification scheme and AutoCompliance tool for GDPR compliance analysis, highlighting how automated tools can assess privacy policy compliance with Article 13 of the GDPR, enhancing understanding and regulatory alignment.
Shuang Liu, Baiyang Zhao, Renjie Guo, Guozhu Meng, Fan Zhang, and Meishan Zhang. Have You been Properly Notified? Automatic Compliance Analysis of Privacy Policy Text with GDPR Article 13. In Proceedings of the Web Conference 2021 (WWW '21). Association for Computing Machinery, New York, NY, USA, 2021, 2154–2164. https://doi.org/10.1145/3442381.3450022
Guideline(s): Implement Interactive Consent Forms for Enhanced User Engagement
Proposed new user interface (UI) concepts, including 'Drag and Drop' (DAD) and 'Question and Answer' (Q&A), to enhance user engagement and comprehension during the consent process. The focus is on enabling informed decisions and consent in the context of social login methods (e.g., using Facebook, Google, etc. for authentication).
Farzaneh Karegar, Nina Gerber, Melanie Volkamer, and Simone Fischer-Hübner (2018). Helping John to make informed decisions on using social login. In Proceedings of the 33rd Annual ACM Symposium on Applied Computing (SAC '18). Association for Computing Machinery, New York, NY, USA, 1165–1174. https://doi.org/10.1145/3167132.3167259
Guideline(s): Enhance Collaborative Privacy Management in Photo Sharing
Presented HideMe, a framework for privacy-preserving photo sharing on social networks. It allows users to set scenario-based privacy policies, automatically blurring faces based on user-defined conditions such as time, location, and relationships. HideMe includes a distance-based algorithm to protect bystanders' privacy and an efficient face matching algorithm to reduce system overhead.
Fenghua Li, Zhe Sun, Ang Li, Ben Niu, Hui Li, and Guohong Cao (2019). HideMe: Privacy-Preserving Photo Sharing on Social Networks. In IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, Paris, France, 2019, pp. 154-162. https://doi.org/10.1109/INFOCOM.2019.8737466
Guideline(s): Encourage the Consideration of Interdependent Privacy Management in Cloud Applications
Addressed privacy risks in cloud storage services like Google Drive and Dropbox, particularly concerning shared files accessed by third-party apps. The authors introduced History-based decisions, a mechanism informing users about previously authorised vendors to minimise privacy loss. This approach encourages users to avoid installing new apps when possible, thereby reducing exposure to potential privacy breaches.
Hamza Harkous and Karl Aberer (2017). "If You Can't Beat them, Join them": A Usability Approach to Interdependent Privacy in Cloud Apps. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (CODASPY '17). Association for Computing Machinery, New York, NY, USA, 127–138. https://doi.org/10.1145/3029806.3029837
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks
Presented On-line Interactive (OI) privacy features designed to enhance user privacy awareness. The authors developed tools using such privacy features to help users understand and manage their privacy settings by providing clear, interactive, and contextually relevant information.
Elahe Kani-Zabihi and Martin Helmhout (2012). Increasing Service Users’ Privacy Awareness by Introducing On-Line Interactive Privacy Features. In Information Security Technology for Applications: 16th Nordic Conference on Secure IT Systems, NordSec 2011, Tallinn, Estonia, October 26-28, 2011, Revised Selected Papers 16 (pp. 131-148). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-29615-4_10
Guideline(s): Integrate Privacy Indicators for Informed App Selection
Proposed BlueSeal, a permission mechanism that enhances the existing Android system by incorporating flow permissions derived from intra-app and cross-app data flows. It employs static analysis to identify sources and sinks within apps, enabling detailed permission settings that reflect actual data usage patterns.
Feng Shen, Namita Vishnubhotla, Chirag Todarka, Mohit Arora, Babu Dhandapani, Eric John Lehner, Steven Y. Ko, and Lukasz Ziarek (2014). Information flows as a permission mechanism. In Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering (ASE '14). Association for Computing Machinery, New York, NY, USA, 2014, 515–526. https://doi.org/10.1145/2642937.2643018
Guideline(s): Encourage Users to Consider Privacy Implications Before Sharing Online, Enhance Privacy Awareness by Communicating Privacy Risks
Presented a visual model to enhance user privacy on online social networks (OSNs) through improved interaction and visualization design. The authors propose a novel model comprising a privacy object and a privacy controller to help users better understand and manage their privacy settings.
Tri Tran Dang, Khanh Tran Dang and Josef Küng (2020). Interaction and Visualization Design for User Privacy Interface on Online Social Networks. SN Computer Science 1, no. 5 (2020): 297. https://doi.org/10.1007/s42979-020-00314-9
Guideline(s): Communicate Privacy Risk with Colour-Coded Privacy Indicators, Promote User Awareness and Decision-Making on Permission/Authorisation Requests, Integrate Privacy Indicators for Informed App Selection
Proposed an icon-based interface to represent privacy threats from app providers and third-party ad libraries. The interface categorises privacy threats into granules like location, identity, and query.
Anand Paturi, Patrick Gage Kelley, and Subhasish Mazumdar (2015). Introducing privacy threats from ad libraries to android users through privacy granules. In Proceedings of the NDSS Workshop on Usable Security (USEC '15). Internet Society, 2015. http://dx.doi.org/10.14722/usec.2015.23008
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Addressed the challenge of privacy checking in smart environments, where service providers collect, store, and process vast amounts of user data. The paper proposes two innovative techniques: Knapsack Privacy Checking (KPC) and Knapsack Graph-Based Privacy Checking (KPC-G). These techniques frame the privacy-checking problem as a knapsack problem, optimising the selection of services based on user-specified privacy preferences and tolerance levels.
Zulfikar Alom, Bikash Chandra Singh, Zeyar Aung, and Mohammad Abdul Azim (2021). Knapsack graph-based privacy checking for smart environments. Computers & Security, vol. 105, 2021, 10224. https://doi.org/10.1016/j.cose.2021.102240
Guideline(s): Enhance User Privacy Controls in Mobile Applications
Proposed a solution for protecting location privacy on Android smartphones. The authors introduced a system that leverages a combination of cloaking and obfuscation techniques to protect users' location data from unauthorised tracking, profiling, and identification. This system allows users to maintain the functionality of location-based services while reducing the risk of privacy breaches.
Kassem Fawaz and Kang G. Shin (2014). Location Privacy Protection for Smartphone Users. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). Association for Computing Machinery, New York, NY, USA, 239–250. https://doi.org/10.1145/2660267.2660270
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Explored the issue of outdated privacy settings on social media, particularly Facebook, where users often set privacy controls once and rarely revisit them. This "set-it-and-forget-it" approach can lead to mismatches between the desired and actual privacy settings as users' lives and relationships evolve. To address this, the authors propose a semi-automated system that combines user studies and machine learning to identify and correct potentially incorrect privacy settings.
Mainack Mondal, Günce Su Yilmaz, Noah Hirsch, Mohammad Taha Khan, Michael Tang, Christopher Tran, Chris Kanich, Blase Ur, and Elena Zheleva. Moving Beyond Set-It-And-Forget-It Privacy Settings on Social Media. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS '19). Association for Computing Machinery, New York, NY, USA, 2019, 991–1008. https://doi.org/10.1145/3319535.3354202
Guideline(s): Implement User-Customisable Multi-View Privacy Notifications, Enhance Privacy Awareness by Communicating Privacy Risks
The study addressed the challenge of users evaluating privacy risks when downloading apps from smartphone marketplaces. The authors propose a multi-view privacy notification mechanism that provides customised notification interfaces tailored to users' knowledge levels and preferences.
Carol Fung, Bahman Rashidi, and Vivian Genaro Motti (2019). Multi-View Permission Risk Notification for Smartphone System. J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl. 10.1 (2019): 42-57. https://isyou.info/jowua/papers/jowua-v10n1-3.pdf
Guideline(s): Implement Collaborative Privacy Management for Shared Data in Social Networks
Addressed the lack of multiparty access control (MPAC) in online social networks (OSNs), which prevents users from enforcing privacy concerns over data associated with multiple users. The authors propose an access control model for multiparty authorisation requirements, including a policy specification scheme and enforcement mechanism. The model supports conflict resolution through a voting mechanism and has been implemented as a prototype on Facebook.
Hongxin Hu, Gail-Joon Ahn, and Jan Jorgensen (2013). Multiparty Access Control for Online Social Networks: Model and Mechanisms. In IEEE Transactions on Knowledge and Data Engineering, vol. 25, no. 7, pp. 1614-1627, July 2013. https://doi.org/10.1109/TKDE.2012.97
Guideline(s): Promote User Awareness and Decision-Making on Permission/Authorisation Requests, Integrate Privacy Indicators for Informed App Selection
Proposed an improved interface for the Google Play Store with a sensitivity score that quantifies privacy risks based on app permissions. The interface aims to simplify decision-making for non-technical users.
Ilaria Liccardi, Joseph Pato, Daniel J. Weitzner, Hal Abelson, and David De Roure. 2014. No technical understanding required: helping users make informed choices about access to their personal data. In Proceedings of the 11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MOBIQUITOUS '14). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), Brussels, BEL, 140–150. https://doi.org/10.4108/icst.mobiquitous.2014.258066
Guideline(s): Communicate Privacy Risk with Colour-Coded Privacy Indicators, Integrate Privacy Indicators for Informed App Selection
Examined how privacy indicators can influence users to select more privacy-friendly apps. The authors presented an implementation and evaluation process of an indicator as an ex-ante privacy indicator cue for the app store, using intuitive design to communicate privacy risks effectively.
Sven Bock and Nurul Momen (2020). Nudging the user with privacy indicator: a study on the app selection behavior of the user. In: Proceedings of the 11th Nordic Conference on Human-Computer Interaction: Shaping Experiences, Shaping Society. [S.l.: s.n.], 2020. p. 1–12. https://doi.org/10.1145/3419249.3420111
Guideline(s): Integrate Privacy Indicators for Informed App Selection, Enhance User Privacy Controls in Mobile Applications
Presented a solution focused on enhancing user privacy controls within mobile applications. The proposed solution includes an app marketplace and a permission management assistant that provides privacy ratings and guidance to users.
Hannah Quay-de la Vallee, Paige Selby, and Shriram Krishnamurthi (2016). On a (Per)Mission: Building Privacy Into the App Marketplace. In Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM '16). Association for Computing Machinery, New York, NY, USA, 63–72. https://doi.org/10.1145/2994459.2994466
Guideline(s): Enhance Privacy Policy Communication through Assessment Tools
Presented a privacy transparency tool (OnLITE) for non-expert consumers, enabling them to understand and compare how Internet of Things (IoT) devices handle data. The tool addresses the growing number of IoT products and their privacy implications, and supports compliance with legal acts such as the GDPR, by summarising key privacy facts and visualising information flows clearly and readably for quick assessment, even with large datasets.
Alexandr Railean and Delphine Reinhardt. OnLITE: On-line Label for IoT Transparency Enhancement. In Secure IT Systems: 25th Nordic Conference, NordSec 2020, Virtual Event, November 23–24, 2020, Proceedings. Springer-Verlag, Berlin, Heidelberg, 229–245. https://doi.org/10.1007/978-3-030-70852-8_14
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Introduced PACMAN (Personal Agent for Access Control in Social Media), a personal assistant agent designed to recommend personalised access control decisions on social media. PACMAN aims to help users manage their shared content's privacy by considering the user's social context and network structure.
Gaurav Misra and Jose M. Such (2017). PACMAN: Personal Agent for Access Control in Social Media. In IEEE Internet Computing, vol. 21, no. 6, pp. 18-26, November/December 2017. https://doi.org/10.1109/MIC.2017.4180831
Guideline(s): Explore Diverse Techniques for Privacy Control
Introduced PARA, an augmented reality (AR) privacy management system for smart devices in emerging IoT ecosystems. The PARA system addresses the challenge of user privacy in environments populated with smart devices by providing an intuitive and effective way to manage privacy preferences through AR visualization.
Carlos Bermejo Fernandez, Lik Hang Lee, Petteri Nurmi, and Pan Hui. PARA: Privacy Management and Control in Emerging IoT Ecosystems using Augmented Reality. In Proceedings of the 2021 International Conference on Multimodal Interaction (ICMI '21). Association for Computing Machinery, New York, NY, USA, 2021, 478–486. https://doi.org/10.1145/3462244.3479885
Guideline(s): Implement Integrated Personal Data Storage to Allow Users to Store and Manage Their Personal Data
Proposed the PDVLoc framework, a Personal Data Vault (PDV) designed to control location data sharing from mobile devices. The framework allows users to store their location data in a centralised vault and manage data sharing with third parties through fine-grained Access Control Lists (ACLs).
Min Y. Mun, Donnie H. Kim, Katie Shilton, Deborah Estrin, Mark Hansen, and Ramesh Govindan (2014). PDVLoc: A Personal Data Vault for Controlled Location Data Sharing. ACM Trans. Sen. Netw. 10, 4, Article 58 (June 2014), 29 pages. https://doi.org/10.1145/2523820
Guideline(s): Enhance User Privacy Controls in Mobile Applications
Introduced a mobile application prototype with a "Maybe" button, offering users a novel partial consent feature for data access permissions. This allows users to grant temporary access to their data, enhancing privacy controls by enabling users to reassess permissions over time.
Sven Bock, Ashraf Ferdouse Chowdhury, and Nurul Momen (2021). Partial Consent: A Study on User Preference for Informed Consent. In: Stephanidis, C., et al. HCI International 2021 - Late Breaking Papers: Design and User Experience. HCII 2021. Lecture Notes in Computer Science(), 2021, vol 13094. Springer, Cham. https://doi.org/10.1007/978-3-030-90238-4_15
Guideline(s): Integrate Automated Tools and Custom Options for Privacy Settings
Proposed a pattern-based approach for integrating user privacy preferences into system designs, enabling customised and easily manageable privacy settings. This approach directly integrates user privacy preferences into system designs using predefined patterns.
Nazila Gol Mohammadi, Julia Pampus, and Maritta Heisel (2019). Pattern-based incorporation of privacy preferences into privacy policies: negotiating the conflicting needs of service providers and end-users. In Proceedings of the 24th European Conference on Pattern Languages of Programs (EuroPLop '19). Association for Computing Machinery, New York, NY, USA, 2019, Article 5, 1–12. https://doi.org/10.1145/3361149.3361154
Guideline(s): Enhance Privacy Policy Communication with Automated Information Extraction
The authors proposed Polisis, a scalable tool for data analysis that breaks privacy policies into segments and annotates each for detailed data practices. This allows for both high-level and fine-grained queries.
Hamza Harkous, Kassem Fawaz, Rémi Lebret, Florian Schaub, Kang G. Shin, and Karl Aberer (2018). Polisis: Automated analysis and presentation of privacy policies using deep learning. In 27th USENIX Security Symposium (USENIX Security 18), 2018, pp. 531-548. https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-harkous.pdf
Guideline(s): Encourage Users to Consider Privacy Implications Before Sharing Online
Introduced an approach to improve privacy decisions on online social networks by implementing risk scenarios and personalised nudges. The strategy is designed to enhance users' awareness of potential privacy threats and guide them towards making safer privacy choices.
Nicolás E. Díaz Ferreyra, Tobias Kroll, Esma Aïmeur, Stefan Stieglitz, and Maritta Heisel (2020). Preventative Nudges: Introducing Risk Cues for Supporting Online Self-Disclosure Decisions. Information 11, no. 8, 2020, 399. https://doi.org/10.3390/info11080399
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks
Using a semantic approach, introduced PriGuardTool, a web-based tool designed to detect privacy violations in online social networks (OSNs). Each user is represented by a software agent that collects and interprets their privacy concerns, converting them into commitments between the user and the OSN. The tool then monitors these commitments to detect violations, signalling privacy breaches.
Nadin Kökciyan and Pınar Yolum (2016). PriGuardTool: A Web-Based Tool to Detect Privacy Violations Semantically. In Engineering Multi-Agent Systems: 4th International Workshop, EMAS 2016, Singapore, Singapore, May 9-10, 2016, Revised, Selected, and Invited Papers 4 (pp. 81-98). Springer International Publishing. https://doi.org/10.1007/978-3-319-50983-9_5
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks
Introduced PriMe, a human-centric privacy measurement method designed for mobile participatory sensing systems. PriMe quantifies privacy risks based on individual user preferences towards data sharing. It incorporates two metrics: the inherent sensitivity of users towards their data and the sensitivity based on specific data items and scenarios.
Rui Liu, Jiannong Cao, Sebastian VanSyckel and Wenyu Gao (2016). PriMe: Human-centric Privacy Measurement based on User Preferences towards Data Sharing in Mobile Participatory Sensing Systems. In IEEE International Conference on Pervasive Computing and Communications (PerCom), Sydney, NSW, Australia, 2016, pp. 1-8. https://doi.org/10.1109/PERCOM.2016.7456518
Guideline(s): Integrate Automated Tools and Custom Options for Privacy Settings
Proposed PriSEC, a machine learning-based tool to automate web privacy control discovery, presentation, and enforcement. PriSEC simplifies privacy management by providing a centralized interface for users to search, modify, and enforce privacy settings across various websites with minimal intervention.
Rishabh Khandelwal, Thomas Linden, Hamza Harkous, and Kassem Fawaz (2021). PriSEC: A Privacy Settings Enforcement Controller. In 30th USENIX Security Symposium (USENIX Security 21), 2021, 465-482. https://www.usenix.org/conference/usenixsecurity21/presentation/khandelwal
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks
Introduced PriView, a system designed to enhance user awareness of potential privacy intrusions from surrounding devices in various environments. The paper explores different visualization methods to indicate the presence and activity of sensors (e.g., cameras, microphones) in users' vicinities using a mobile application and a head-mounted display (HMD).
Sarah Prange, Ahmed Shams, Robin Piening, Yomna Abdelrahman, and Florian Alt (2021). PriView – Exploring Visualisations to Support Users' Privacy Awareness. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (CHI '21). Association for Computing Machinery, New York, NY, USA, Article 69, 1–18. https://doi.org/10.1145/3411764.3445067
Guideline(s): Implement Interactive Privacy Policy Interfaces
Introduced the CURE prototype, which aims to improve the transparency and usability of privacy consent requests. The solution focuses on providing users with a more comprehensible and interactive way to manage their data-processing consents.
Olha Drozd and Sabrina Kirrane (2020). Privacy CURE: Consent Comprehension Made Easy. In: Hölbl, M., Rannenberg, K., Welzer, T. (eds) ICT Systems Security and Privacy Protection. SEC 2020. IFIP Advances in Information and Communication Technology, vol 580. Springer, Cham. https://doi.org/10.1007/978-3-030-58201-2_9
Guideline(s): Explore Diverse Techniques for Privacy Control
Introduced the Privacy Care framework, a tangible interaction system for managing privacy in ubiquitous computing (UbiComp) environments. Traditional GUI-based privacy management tools are often considered intrusive, socially disruptive, and cumbersome. To address these issues, the Privacy Care framework integrates tangible and embodied interactions to offer a more seamless and natural user experience in everyday settings.
Vikram Mehta, Daniel Gooch, Arosha Bandara, Blaine Price, and Bashar Nuseibeh (2021). Privacy Care: A Tangible Interaction Framework for Privacy Management. ACM Trans. Internet Technol. 21, 1, Article 25 (February 2021), 32 pages. https://doi.org/10.1145/3430506
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Presented a privacy negotiation mechanism for Internet of Things (IoT) environments, addressing the critical challenge of user privacy in the rapidly growing IoT landscape. The proposed mechanism mediates the exchange of information between data producers (users) and data consumers (services), allowing users to control their data disclosure more effectively. The mechanism leverages a Multilayer Perceptron (MLP) neural network to predict user privacy preferences, enabling automatic responses to data requests based on learned patterns. Users can set a confidence level for these predictions, ensuring the mechanism's responses align with their privacy expectations.
Fagner Roger Pereira Couto and Sergio Donizetti Zorzo (2018). Privacy Negotiation Mechanism in Internet of Things Environments. In Proceedings of the Twenty-fourth Americas Conference on Information Systems, New Orleans, AMCIS 2018. https://aisel.aisnet.org/amcis2018/Security/Presentations/33
Guideline(s): Communicate Privacy Risk with Colour-Coded Privacy Indicators, Promote User Awareness and Decision-Making on Permission/Authorisation Requests, Integrate Privacy Indicators for Informed App Selection
Introduced Privacy Pal, a Chrome extension that visualises the privacy and security risks of Facebook apps. The extension displays risk levels using a visual interface similar to password strength meters.
Rachel Tucker, Carl Tucker, and Jun Zheng (2015). Privacy Pal: Improving Permission Safety Awareness of Third Party Applications in Online Social Networks. In 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems. IEEE, 2015, pp. 1268–1273. https://doi.org/10.1109/HPCC-CSS-ICESS.2015.83
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Proposed the Adaptive Privacy Policy Prediction (A3P) system to help users manage privacy settings for images uploaded on social media platforms. The A3P system aims to automatically generate personalised privacy policies based on image content, metadata, and social context.
Anna Cinzia Squicciarini, Dan Lin, Smitha Sundareswaran, and Joshua Wede (2014). Privacy Policy Inference of User-Uploaded Images on Content Sharing Sites. IEEE Transactions on Knowledge and Data Engineering 27, no. 1, 2014, 193-206. https://doi.org/10.1109/TKDE.2014.2320729
Guideline(s): Implement Collaborative Privacy Management for Shared Data in Social Networks
Addressed the privacy challenges in Online Social Networks (OSNs) arising from collaborative information sharing, where multiple users co-own data such as photos or posts. The authors propose a Collective Privacy Protection (CPP) approach that balances sharing and privacy through a majority vote system. The owner of shared content creates a privacy policy, and co-owners vote on whether to accept it. If any co-owner rejects, their privacy concerns are prioritised. The system detects and resolves privacy conflicts by considering social relationships and preferences.
Arunee Ratikan and Mikifumi Shikida (2014). Privacy Protection Based Privacy Conflict Detection and Solution in Online Social Networks. In Human Aspects of Information Security, Privacy, and Trust: Second International Conference, HAS 2014, Held as Part of HCI International 2014, Heraklion, Crete, Greece, June 22-27, 2014. Proceedings 2 (pp. 433-445). Springer International Publishing. https://doi.org/10.1007/978-3-319-07620-1_38
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Presented a privacy settings recommender system for online social networks (OSNs) that leverages Relationship Based Access Control (ReBAC). The system aims to help users define fine-grained and customised access control policies by learning their privacy preferences through an association rules mining process.
Davide Alberto Albertini, Barbara Carminati, and Elena Ferrari (2016). Privacy Settings Recommender for Online Social Network. In 2016 IEEE 2nd international conference on collaboration and internet computing (CIC), 2016, 514-521. https://doi.org/10.1109/CIC.2016.079
Guideline(s): Promote User Awareness and Decision-Making on Permission/Authorisation Requests, Integrate Privacy Indicators for Informed App Selection
Presented a short "Privacy Facts" display as a prototype implemented as a modification to the Android marketplace interface. This simplified display, which fits on the main application display screen, presents a checklist of data practices, including types of information collected (e.g., personal, location) and usage (e.g., advertising, analytics), and can assist users in selecting apps that request fewer permissions.
Patrick Gage Kelley, Lorrie Faith Cranor, and Norman Sadeh (2013). Privacy as part of the app decision-making process. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '13). Association for Computing Machinery, New York, NY, USA, 2013, 3393–3402. https://doi.org/10.1145/2470654.2466466
Since several data protection regulations were enacted in the last couple of years, we aimed to investigate the state-of-the-art of Privacy by Design in Software Engineering. An early Systematic Mapping Study investigated that before the General Data Protection Regulation (GDPR) came into force. Initial scoping suggested the existence of several new studies suitable for inclusion, so we performed an update to verify what has changed in the area. From the 68 selected papers, we found that (a) professional practice has gained attention with software developers at the centre; (b) GDPR has become a trend; (c) much of the research is regulation-centric and a more user-centric view is missing and (d) there is still a need for validation in industrial settings.
Shirlei Aparecida de Chaves and Fabiane Barreto Vavassori Benitti. 2023. Privacy by Design in Software Engineering: An update of a Systematic Mapping Study. In Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing (SAC '23). Association for Computing Machinery, New York, NY, USA, 1362–1369. https://doi.org/10.1145/3555776.3577626
Guideline(s): Implement Collaborative Privacy Management for Shared Data in Social Networks
Addressed the challenge of managing collective privacy settings for shared content in social networks using game theory. It proposes a mechanism based on the Clarke-Tax approach to model and enforce collective privacy policies. The proposed solution promotes truthfulness and rewards users who support co-ownership, using automated ways to share images and a simple voting scheme. The framework is integrated with inference techniques to reduce the burden on users for manual privacy preference selection.
Anna C. Squicciarini, Mohamed Shehab, and Joshua Wede (2010). Privacy policies for shared content in social network sites. The VLDB Journal, 19, pp.777-796. https://doi.org/10.1007/s00778-010-0193-7
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Focused on privacy preference prediction in IoT, proposing a model for predicting user privacy preferences using contextual factors and clustering. The solution utilises factors like location, monitoring entity, and purpose to provide personalised privacy recommendations for IoT devices.
Hosub Lee and Alfred Kobsa (2017). Privacy preference modeling and prediction in a simulated campuswide IoT environment. In IEEE International Conference on Pervasive Computing and Communications (PerCom), Kona, HI, USA, 2017, pp. 276-285. https://doi.org/10.1109/PERCOM.2017.7917874
Guideline(s): Implement Visual Strategies for Effective Communication of Lengthy Privacy Policies
Developed the Privacy Rating visualisation, using a user-centred design process to create a tool that is both informative and easy to understand, inspired by the format of the EU energy label.
Susanne Barth, Dan Ionita, Menno D. T. de Jong, Pieter H. Hartel, and Marianne Junger (2021). Privacy rating: a user-centered approach for visualizing data handling practices of online services. IEEE transactions on professional communication, IEEE, v. 64, n. 4, p. 354–373, 2021. https://doi.org/10.1109/TPC.2021.3110617
Guideline(s): Enhance User Privacy Controls in Mobile Applications
Introduced a user interface for managing location privacy settings rooted in privacy theory, privacy by design principles, and general UI design principles. It allows users to control when, with whom, and where their location information is shared through intuitive visual controls and icons.
Mehrnaz Ataei, Auriol Degbelo, and Christian Kray (2018). Privacy theory in practice: designing a user interface for managing location privacy on mobile devices, Journal of Location Based Services, 2018, 12:3-4, 141-178. https://doi.org/10.1080/17489725.2018.1511839
Guideline(s): Implement Integrated Personal Data Storage to Allow Users to Store and Manage Their Personal Data
Presented the Privacy-Aware Personal Data Storage (P-PDS) system, which uses semi-supervised and active learning to automate privacy decisions for user data stored in a centralised repository. The system reduces user burden by learning privacy preferences from labelled and unlabelled data. It adjusts privacy decisions based on user-specific preferences through personalised and history-based active learning.
Bikash Chandra Singh, Barbara Carminati, and Elena Ferrari (2019). Privacy-aware personal data storage (p-pds): Learning how to protect user privacy from external applications. IEEE Transactions on Dependable and Secure Computing, 18(2), 889-903. https://doi.org/10.1109/TDSC.2019.2903802
Guideline(s): Explore Diverse Techniques for Privacy Control
Explored the balance between reminiscability and privacy in visual life-logging systems for older adults. Using wearable cameras, life-logging systems capture continuous images to help elderly individuals recall their past experiences, enhancing their quality of life. However, these systems pose significant privacy risks by inadvertently capturing sensitive information and social ties. The authors propose obfuscation strategies that selectively obscure parts of images to protect privacy while maintaining reminiscability.
Thivya Kandappu, Vigneshwaran Subbaraju, and Qianli Xu (2021). PrivacyPrimer: Towards Privacy-Preserving Episodic Memory Support For Older Adults. Proc. ACM Hum.-Comput. Interact. 5, CSCW2, Article 306 (October 2021), 32 pages. https://doi.org/10.1145/3476047
Guideline(s): Leverage Automated Decision-Making for Enhanced User Privacy Controls in Mobile Applications
Introduced the Quality of Private Information (QoPI) model, designed to provide fine-grained and dynamic privacy controls for mobile applications. The QoPI model defines various types and quality levels of private information and incorporates contextual properties affecting privacy decisions. This model allows users to manage their privacy settings more precisely according to their needs and the context in which the application is used. The model predicts appropriate privacy controls based on user behaviour, improving the accuracy and efficiency of privacy management compared to traditional binary and static approaches.
Seung-Hyun Kim, In-Young Ko, Soo-Hyung Kim (2017). Quality of Private Information (QoPI) model for effective representation and prediction of privacy controls in mobile computing. Computers & Security, 66, pp.1-19. https://doi.org/10.1016/j.cose.2017.01.002
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks, Enhance Collaborative Privacy Management in Photo Sharing
Presented a mechanism to estimate the risk of privacy breaches when sharing images on social networks. REMIND uses a probabilistic model to evaluate the likelihood of unwanted image disclosure based on various factors, including user behaviour and image content. The system provides users with reminders and suggestions for revising their privacy settings to mitigate potential risks. The approach aims to enhance user awareness and control over shared images, thereby improving privacy management in social media environments.
Dan Lin, Douglas Steiert, Joshua Morris, Anna Squicciarini, and Jianping Fan (2019). REMIND: Risk Estimation Mechanism for Images in Network Distribution. In IEEE Transactions on Information Forensics and Security, vol. 15, pp. 539-552, 2020. https://doi.org/10.1109/TIFS.2019.2924853
Guideline(s): Enhance Parental Control in Smart Toys
Addressed the inadequacies of current parental control tools for safeguarding children's privacy with smart toys. The authors note the absence of a standardized reference solution in the literature and propose a comprehensive framework to fill this gap. This framework includes a list of recommended requirements, a conceptual model, and a prototype as proof of concept.
Otavio de Paula Albuquerque, Marcelo Fantinato, Patrick C.K. Hung, Sarajane Marques Peres, Farkhund Iqbal, Umair Rehman, and Muhammad Umair Shah. Recommendations for a smart toy parental control tool. J Supercomput 78, 2022, 11156–11194. https://doi.org/10.1007/s11227-022-04319-4
Guideline(s): Implement Collaborative Privacy Management for Shared Data in Social Networks
Addressed the challenge of multi-party privacy management in social media, where shared items like photos often involve multiple users with conflicting privacy preferences. The authors propose a computational mechanism to resolve these conflicts by merging individual privacy preferences into a single policy. The mechanism adapts to different situations by modelling users' willingness to make concessions. It detects conflicts by comparing privacy policies and suggests solutions based on user preferences, item sensitivity, and the importance of the conflicting users.
Jose M. Such and Natalia Criado (2016). Resolving Multi-Party Privacy Conflicts in Social Media. In IEEE Transactions on Knowledge and Data Engineering, vol. 28, no. 7, pp. 1851-1863, 1 July 2016. https://doi.org/10.1109/TKDE.2016.2539165
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks
Presented a method for quantifying privacy risks for users active on multiple social networking sites. The authors introduce a Privacy Disclosure Score to measure the privacy risk associated with information shared across various social networks. This score accounts for both the sensitivity and visibility of the shared information.
Erfan Aghasian, Saurabh Garg, Longxiang Gao, Shui Yu, James Montgomery. Scoring users’ privacy disclosure across multiple online social networks. IEEE Access. 2017, Jun 27, vol. 5, p. 13118-30. https://doi.org/10.1109/ACCESS.2017.2720187
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks
Introduced an interactive visualization system to address federated learning (FL) privacy concerns. The system provides a visual interpretation of privacy risks, allows for interactive privacy enhancement, and facilitates joint privacy-performance training from the start.
Yeting Guo, Fang Liu, Tongqing Zhou, Zhiping Cai and Nong Xiao (2023). Seeing is believing: Towards interactive visual exploration of data privacy in federated learning. Information Processing & Management, 60(2), 103162. https://doi.org/10.1016/j.ipm.2022.103162
Guideline(s): Implement Integrated Personal Data Storage to Allow Users to Store and Manage Their Personal Data
Proposed a solution for managing privacy preferences in IoT environments using semantic web technology. They introduce the Privacy Preference for IoT (PPIoT) ontology, which integrates privacy preferences, the W3C Semantic Sensor Network Ontology, Fair Information Practices (FIP) principles, and GDPR compliance. The Personal Data Manager (PDM) component mediates and manages user privacy preferences, allowing users to control data disclosure to third parties.
Odnan Ref Sanchez, Ilaria Torre, Bart P. Knijnenburg (2020). Semantic-based privacy settings negotiation and management. Future Generation Computer Systems, 111, 879-898. https://doi.org/10.1016/j.future.2019.10.024
Guideline(s): Leverage Automated Decision-Making for Enhanced User Privacy Controls in Mobile Applications
Introduced SmarPer, an advanced permission mechanism for Android designed to provide context-aware and automatic runtime permission decisions. SmarPer aims to address the limitations of static permission policies by predicting user decisions using a Bayesian linear regression model. It also includes a data obfuscation feature to offer users a middle ground between allowing and denying permissions.
Katarzyna Olejnik, Italo Dacosta, Joana Soares Machado, Kévin Huguenin, Mohammad Emtiyaz Khan, and Jean-Pierre Hubaux (2017). SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices. In 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 2017, pp. 1058-1076. https://doi.org/10.1109/SP.2017.25
Guideline(s): Leverage Automated Decision-Making for Enhanced User Privacy Controls in Mobile Applications
Proposed a novel agent model to protect smartphone users' location privacy. The intelligent agent acts as a user's virtual proxy, managing the release of location data according to the user's preferences, context, and situation. The agent uses neural networks to learn privacy preferences and dynamically adjusts the level of location distortion and data sharing.
Harkeerat Kaur, Isao Echizen and Rohit Kumar (2020). Smart Data Agent for Preserving Location Privacy. In 2020 IEEE Symposium Series on Computational Intelligence (SSCI), Canberra, ACT, Australia, 2020, pp. 2567-2575. https://doi.org/10.1109/SSCI47803.2020.9308396
Guideline(s): Enhance Parental Control in Smart Toys
Explored enhancing the usability of privacy controls for smart toys. Recognising the complexity and poor usability of existing privacy control tools, the authors use the Card Sorting technique to improve these interfaces. The study aims to identify usability improvements for smart toy privacy controls, adapt the "nutrition label" metaphor for smart toys, and provide guidelines for more user-friendly privacy policy tools.
André de Lima Salgado, Felipe Silva Dias, João Pedro Rodrigues Mattos, Renata Pontin de Mattos Fortes, and Patrick CK Hung. Smart toys and children's privacy: usable privacy policy insights from a card sorting experiment. In Proceedings of the 37th ACM International Conference on the Design of Communication, 2019, 1-8. https://doi.org/10.1145/3328020.3353951
Guideline(s): Promote User Awareness and Decision-Making on Permission/Authorisation Requests, Enhance Privacy Awareness by Communicating Privacy Risks
Introduced a privacy risk communication system for Android that provides users with privacy risk information from the second-order privacy risk perspective, i.e., threats to privacy arising from user profiling and data-mining capabilities built on apps' long-term data-access behaviour.
Gökhan Bal, Kai Rannenberg, and Jason I. Hong (2015). Styx: Privacy risk communication for the Android smartphone platform based on apps' data-access behavior patterns. Computers & Security, vol. 53, pages 187-202, 2015. https://doi.org/10.1016/j.cose.2015.04.004
Guideline(s): Enhance Privacy Policy Communication with Automated Information Extraction
Developed TLDR, a tool that uses machine learning and deep learning to highlight essential segments in privacy policies, reducing reading time and improving understanding.
Abdulrahman Alabduljabbar, Ahmed Abusnaina, Ülkü Meteriz-Yildiran, and David Mohaisen. TLDR: Deep Learning-Based Automated Privacy Policy Annotation with Key Policy Highlights. In Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society (WPES '21). Association for Computing Machinery, New York, NY, USA, 2021, 103–118. https://doi.org/10.1145/3463676.3485608
Guideline(s): Implement Visual Strategies for Effective Communication of Lengthy Privacy Policies
Reimagined electronic contracts with Textured Agreements, focusing on improving the usability of EULAs through visual representation formats and interactive elements, making them more understandable and engaging for users.
Matthew Kay and Michael Terry. Textured agreements: re-envisioning electronic consent. In Proceedings of the Sixth Symposium on Usable Privacy and Security (SOUPS '10). Association for Computing Machinery, New York, NY, USA, 2010, Article 13, 1–13. https://doi.org/10.1145/1837110.1837127
Guideline(s): Leverage Automated Decision-Making for Enhanced User Privacy Controls in Mobile Applications
Investigated the feasibility of dynamically granted permissions on mobile devices, focusing on aligning these permissions with user preferences. The model detects changes in context and infers privacy preferences based on users' past decisions and behaviour.
Primal Wijesekera, Arjun Baokar, Lynn Tsai, Joel Reardon, Serge Egelman, David Wagner, and Konstantin Beznosov (2017). The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences. In 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 2017, pp. 1077-1093. https://doi.org/10.1109/SP.2017.51
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks
Introduced the Privacy Badge, a user interface designed to enhance privacy awareness among users of mobile devices. It aims to make users more aware of their privacy settings and the potential risks associated with their data-sharing activities.
Martin Gisch, Alexander De Luca, and Markus Blanchebarbe (2007). The privacy badge: a privacy-awareness user interface for small devices. In Proceedings of the 4th international conference on mobile technology, applications, and systems and the 1st international symposium on Computer human interaction in mobile technology (Mobility '07). https://doi.org/10.1145/1378063.1378159
Guideline(s): Enhance Privacy Policy Communication with Automated Information Extraction
Proposed a method for extracting notice and choice statements from privacy policies using manual annotation, creating graphs to generate concise notices and choices. The aim is to generate short, understandable notices and choices, improving the readability and usability of privacy policies for users, particularly in the context of IoT devices.
Parvaneh Shayegh and Sepideh Ghanavati. Toward an Approach to Privacy Notices in IoT. 2017 IEEE 25th International Requirements Engineering Conference Workshops (REW), Lisbon, Portugal, 2017, pp. 104-110. https://doi.org/10.1109/REW.2017.77
Guideline(s): Encourage Users to Consider Privacy Implications Before Sharing Online
Proposed a novel system called AutoPri to address the issue of inadvertent privacy breaches through photo sharing on online social networks (OSNs). AutoPri employs a multimodal variational autoencoder to automatically detect private photos in a user-specific manner, learning the joint representation of user information and photo content. This system also utilizes explainable deep-learning techniques to pinpoint sensitive regions within photos, enabling fine-grained privacy control.
Nishant Vishwamitra, Yifang Li, Hongxin Hu, Kelly Caine, Long Cheng, Ziming Zhao, and Gail-Joon Ahn (2022). Towards Automated Content-based Photo Privacy Control in User-Centered Social Networks. In Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy (CODASPY '22). Association for Computing Machinery, New York, NY, USA, 65–76. https://doi.org/10.1145/3508398.3511517
Guideline(s): Implement Collaborative Privacy Management for Shared Data in Social Networks
Presented a framework for consensus-based group decision-making for co-owned data sharing in Online Social Networks (OSNs). The authors address privacy concerns when shared content involves multiple users, proposing a process that uses consensus-reaching and trust values among decision-makers. The framework employs the Extended Induced Ordered Weighted Averaging (EIOWA) technique to incorporate trust values into the decision-making process, ensuring decisions respect the privacy preferences of all co-owners.
Gulsum Akkuzu, Benjamin Aziz, and Mo Adda (2020). Towards Consensus-Based Group Decision Making for Co-Owned Data Sharing in Online Social Networks. In IEEE Access, vol. 8, pp. 91311-91325. https://doi.org/10.1109/ACCESS.2020.2994408
Guideline(s): Enhance Collaborative Privacy Management in Photo Sharing
Proposed a PII-based Multiparty Access Control (PMAC) model to address the privacy concerns in photo sharing on Online Social Networks (OSNs). This model enables fine-grained control over Personally Identifiable Information (PII) within shared photos. The PMAC model includes a policy specification scheme and a policy enforcement mechanism, allowing multiple users to manage access to their PII items collaboratively.
Nishant Vishwamitra, Yifang Li, Kevin Wang, Hongxin Hu, Kelly Caine, and Gail-Joon Ahn (2017). Towards PII-based Multiparty Access Control for Photo Sharing in Online Social Networks. In Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies (SACMAT '17 Abstracts). Association for Computing Machinery, New York, NY, USA, 155–166. https://doi.org/10.1145/3078861.3078875
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Introduced the "Visual Privacy Advisor" (VPA) designed to predict and mitigate privacy risks associated with image content shared on social media. The VPA aims to help users understand and manage their privacy preferences by providing personalized privacy risk scores for images.
Tribhuvanesh Orekondy, Bernt Schiele, and Mario Fritz (2017). Towards a Visual Privacy Advisor: Understanding and Predicting Privacy Risks in Images. 2017 IEEE International Conference on Computer Vision (ICCV), Venice, Italy, pp. 3706-3715. https://doi.org/10.1109/ICCV.2017.398
Guideline(s): Incorporate Icons to Improve Privacy Policy Communication
Introduced the concept of privacy icons to simplify privacy policies, highlighting the need for usability improvements such as mouse-over functionality and links to corresponding text.
Leif-Erik Holtz, Katharina Nocun, and Marit Hansen (2011). Towards Displaying Privacy Information with Icons. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2010. IFIP Advances in Information and Communication Technology, vol 352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20769-3_27
Guideline(s): Implement Interactive Privacy Policy Interfaces
Presented the "Send Data?" prototype, a browser extension designed to facilitate user-friendly privacy policy management for the PrimeLife Policy Language (PPL). The prototype introduces "on the fly" privacy management, predefined privacy settings, and simplified selection of anonymous credentials, aiming to help users make informed decisions about personal data dissemination.
Julio Angulo, Simone Fischer-Hübner, Erik Wästlund, Tobias Pulls (2012). Towards Usable Privacy Policy Display & Management. Information Management & Computer Security, Vol. 20 No. 1, pp. 4-17. https://doi.org/10.1108/09685221211219155
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Proposed a privacy-setting recommendation system for social networking services (SNSs) like Facebook. The system aims to assist users in discovering appropriate privacy settings by analysing and utilising privacy settings data from a large number of real users.
Toshikazu Munemasa and Mizuho Iwaihara (2011). Trend Analysis and Recommendation of Users' Privacy Settings on Social Networking Services. In International conference on social informatics, pp. 184-197. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011. https://doi.org/10.1007/978-3-642-24704-0_23
Susanne Barth, Dan Ionita, and Pieter Hartel (2022). Understanding Online Privacy — A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines. ACM Comput. Surv. 55, 3, Article 63 (February 2022), 37 pages. https://doi.org/10.1145/3502288
Guideline(s): Enhance Privacy Awareness by Communicating Privacy Risks
Examined the use of fitness trackers and online social networks (OSNs). The authors develop an interactive tool that models online information shared by individuals and illustrates how this data and information stored on fitness trackers could lead to unwanted identity exposure.
Angeliki Aktypi, Jason R.C. Nurse, and Michael Goldsmith (2017). Unwinding Ariadne's Identity Thread: Privacy Risks with Fitness Trackers and Online Social Networks. In Proceedings of the 2017 on Multimedia Privacy and Security (MPS '17). Association for Computing Machinery, New York, NY, USA, 1–11. https://doi.org/10.1145/3137616.3137617
A user-focused technological approach is essential for privacy and data protection, so a systematic mapping study was conducted to review how researchers approach such matters. Of 8867 papers, 231 were systematically selected and analysed. Through thematic analysis, we identified three main themes: improving privacy policies, raising privacy awareness, and controlling information disclosure. Notably, 45% of the studies lacked user involvement, highlighting a diverse landscape in the extent of real user participation in research evaluations. This study provides valuable insights for researchers and practitioners in promoting privacy-preserving human-computer interaction.
Shirlei Aparecida de Chaves and Fabiane Benitti. 2025. User-Centred Privacy and Data Protection: An Overview of Current Research Trends and Challenges for the Human–Computer Interaction Field. ACM Comput. Surv. 57, 7, Article 176 (July 2025), 36 pages. https://doi.org/10.1145/3715903
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Proposed a user-centric privacy management system within federated identity frameworks. The system aims to assist users in making informed privacy decisions when interacting with service providers (Relying Parties, RPs) via Identity Providers (IdPs) by providing personalised privacy recommendations.
Carlos Villarán and Marta Beltrán. (2022). User-Centric Privacy for Identity Federations Based on a Recommendation System. Electronics, 11(8), 1238. https://doi.org/10.3390/electronics11081238
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings
Presented an approach to user-controllable learning of security and privacy policies to overcome the difficulties users face in specifying these policies. The approach involves incremental policy manipulation, where the system and user collaboratively refine a common policy model.
Patrick Gage Kelley, Paul Hankes Drielsma, Norman Sadeh, and Lorrie Faith Cranor (2008). User-controllable learning of security and privacy policies. In Proceedings of the 1st ACM workshop on Workshop on AISec (AISec '08). Association for Computing Machinery, New York, NY, USA, 2008, 11–18. https://doi.org/10.1145/1456377.1456380
Guideline(s): Provide Users with User-Friendly Tools to Manage Their Privacy Settings
Presented a new visualization mechanism called Visual Privacy Management Policy (VPMP) to simplify configuring privacy settings for photo sharing on online social networks (OSNs). VPMP uses social graphs and circles to visualize sharing options, providing users with comprehensible and effective privacy management.
Khalid Alemerien (2020). User-Friendly Privacy-Preserving Photo Sharing on Online Social Networks. Journal of Mobile Multimedia, 16(3), 2020, 267–292. https://doi.org/10.13052/jmm1550-4646.1631
Guideline(s): Leverage Personalised Recommendations for Enhanced User Management of Privacy Settings, Provide Users with User-Friendly Tools to Manage Their Privacy Settings
Introduced VeilMe, an interactive visualization tool designed to help users configure privacy settings for their personality data derived from social media. The tool aims to simplify the complex task of managing privacy by using intuitive visual metaphors and personalized initial settings.
Yang Wang, Liang Gou, Anbang Xu, Michelle X. Zhou, Huahai Yang, and Hernan Badenes (2015). VeilMe: An Interactive Visualization Tool for Privacy Configuration of Using Personality Traits. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). Association for Computing Machinery, New York, NY, USA, 2015, 817–826. https://doi.org/10.1145/2702123.2702293
Guideline(s): Implement Visual Strategies for Effective Communication of Lengthy Privacy Policies, Implement Interactive Privacy Policy Interfaces
The work proposed the Interactive Visual Privacy Policy, incorporating a Privacy Policy Nutrition Label with interactive elements to make the information more accessible and engaging for users.
Daniel Reinhardt, Johannes Borchard, Jörn Hurtienne (2021). Visual Interactive Privacy Policy: The Better Choice? In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. New York, NY, USA: Association for Computing Machinery, 2021. (CHI ’21). ISBN 9781450380966. https://doi.org/10.1145/3411764.3445465
Guideline(s): Enhance User Privacy Controls in Mobile Applications
Presented a privacy-enhancing framework for Android applications called VisiDroid, focusing on user control over personal data shared with advertising and analytics libraries.
Abdulbaki Aydin, David Piorkowski, Omer Tripp, Pietro Ferrara, and Marco Pistoia (2017). Visual Configuration of Mobile Privacy Policies. In: Huisman, M., Rubin, J. (eds) Fundamental Approaches to Software Engineering: 20th International Conference, FASE 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings. Lecture Notes in Computer Science, vol 10202. Springer, Berlin, Heidelberg, 2017, pp. 338-355. https://doi.org/10.1007/978-3-662-54494-5_19
Guideline(s): Enable Exploration of Data Exports
Discussed the development and evaluation of the Data Track tool, a transparency-enhancing tool (TET) designed to help users visualise their personal data exports. The key contribution is introducing a stand-alone version of the Data Track that allows users to import and visualise their data, particularly focusing on location data exported from Google.
Farzaneh Karegar, Tobias Pulls and Simone Fischer-Hübner (2016). Visualizing Exports of Personal Data by Exercising the Right of Data Portability in the Data Track - Are People Ready for This? In: SPRINGER. IFIP International Summer School on Privacy and Identity Management. [S.l.], p. 164–181. https://doi.org/10.1007/978-3-319-55783-0_12
Guideline(s): Enable Exploration of Data Exports
Presented a user-centric privacy architecture focusing on the Data Disclosure Log component. The tool logs personal data disclosures made by users during their web interactions. This log includes details like the type of data disclosed, the context (e.g., login, registration), and the recipient service provider. The logged data is visualised using multiple views, including a chronological timeline, service provider view, and graph view. These visualisations help users understand their data disclosure patterns from various perspectives.
Jan Kolter, Michael Netter and Günther Pernul (2010). Visualizing Past Personal Data Disclosure. In: IEEE. 2010 International Conference on Availability, Reliability and Security. [S.l.], p. 131–139. https://doi.org/10.1109/ARES.2010.51
Guideline(s): Promote User Awareness and Decision-Making on Permission/Authorisation Requests
Calculated the privacy risk by counting the number of privacy-sensitive permissions in the app's request, dividing that count by the maximum number of dangerous permissions, and using this ratio as the privacy risk score. Results are communicated to users via a privacy meter, leveraging users' familiarity with similar meters, such as those used for password strength warnings.
Jina Kang, Hyoungshick Kim, Yun Gyung Cheong, and Jun Ho Huh. Visualizing Privacy Risks of Mobile Applications through a Privacy Meter. In: Lopez, J., Wu, Y. (eds) Information Security Practice and Experience. ISPEC 2015. Lecture Notes in Computer Science, vol 9065. Springer, Cham. https://doi.org/10.1007/978-3-319-17533-1_37
Guideline(s): Support the Visualisation and Comprehension of Disclosed Data
Introduced the Access Policy Grid (APG), a novel visualization tool designed to enhance privacy awareness on social networking sites (SNSs). The APG provides a bird’s-eye view of a user’s privacy settings by visualizing the visibility of shared items to different contacts. This matrix-based representation helps users identify their social roles and detect inconsistencies in their privacy settings.
Michael Netter, Michael Weber, Michael Diener, and Günther Pernul (2014). Visualizing social roles - Design and evaluation of a bird's-eye view of social network privacy settings. In Proceedings of the Twenty Second European Conference on Information Systems (ECIS2014), Tel Aviv 2014. https://aisel.aisnet.org/ecis2014/proceedings/track14/13/
Guideline(s): Enhance Privacy Policy Communication with Automated Information Extraction
The authors proposed the Online Privacy Policy eXplainer (PriX), a web browser extension designed to help users understand privacy policies through visual explanations. PriX performs three key functions: checking if a website has a privacy policy, analysing the privacy policy, and providing visual explanations to enhance user comprehension. The tool uses trained classifiers (Naive Bayes and Random Forest) to identify data categories and present them with corresponding privacy icons, facilitating better understanding.
Wasja Brunotte, Larissa Chazette, Lukas Köhler, Jil Klünder, and Kurt Schneider (2022). What About My Privacy? Helping Users Understand Online Privacy Policies. In Proceedings of the International Conference on Software and System Processes and International Conference on Global Software Engineering (ICSSP'22). Association for Computing Machinery, New York, NY, USA, 2022, 56–65. https://doi.org/10.1145/3529320.3529327
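The classification-and-icon step described above, as an added example that is not PriX's code: a small multinomial Naive Bayes classifier written from scratch (PriX trained Naive Bayes and Random Forest models on a larger corpus) tags each sentence of a policy with a data category and the icon for that category. The training sentences, the three categories, the icon mapping and the sample policy are constructed here; checking whether a site has a policy at all is left out.

```python
"""Tagging privacy-policy sentences with data categories and icons, PriX-style.

Added example, not PriX's code. A minimal multinomial Naive Bayes classifier
with add-one smoothing; training data, categories and icon mapping are
constructed for illustration.
"""
import math
import re
from collections import Counter, defaultdict

# Assumed category -> icon mapping for the visual explanation.
CATEGORY_ICONS = {"location": "📍", "contact": "👤", "payment": "💳"}

# Constructed labelled training sentences (a real deployment needs far more).
TRAINING = [
    ("we collect your precise gps location and device geolocation", "location"),
    ("location data is used to show nearby stores and track your route", "location"),
    ("we store your name email address and phone number", "contact"),
    ("your contact details such as email and phone are shared with partners", "contact"),
    ("payment card numbers and billing information are processed by our provider", "payment"),
    ("we retain transaction history and credit card billing details", "payment"),
]


def tokenize(text: str) -> list[str]:
    return re.findall(r"[a-z]+", text.lower())


class MultinomialNB:
    """Bag-of-words Naive Bayes with add-one (Laplace) smoothing."""

    def fit(self, samples):
        self.doc_counts = Counter()
        self.word_counts = defaultdict(Counter)
        self.vocab = set()
        for text, label in samples:
            tokens = tokenize(text)
            self.doc_counts[label] += 1
            self.word_counts[label].update(tokens)
            self.vocab.update(tokens)
        self.total_docs = sum(self.doc_counts.values())
        return self

    def log_posterior(self, tokens, label) -> float:
        # log P(label) + sum of log P(token | label); unseen tokens get the smoothed floor.
        lp = math.log(self.doc_counts[label] / self.total_docs)
        denom = sum(self.word_counts[label].values()) + len(self.vocab)
        for t in tokens:
            lp += math.log((self.word_counts[label][t] + 1) / denom)
        return lp

    def predict(self, text: str) -> str:
        tokens = tokenize(text)
        return max(self.doc_counts, key=lambda label: self.log_posterior(tokens, label))


def explain_policy(policy_text: str, model: MultinomialNB):
    """Split a policy into sentences and tag each with a category and its icon."""
    sentences = [s.strip() for s in re.split(r"[.\n]+", policy_text) if s.strip()]
    tagged = []
    for sentence in sentences:
        category = model.predict(sentence)
        tagged.append((sentence, category, CATEGORY_ICONS[category]))
    return tagged


# Constructed excerpt of a policy to classify.
SAMPLE_POLICY = (
    "We use GPS to determine your location. "
    "We may share your email address and phone number with partners. "
    "Billing and payment card details are retained."
)

if __name__ == "__main__":
    model = MultinomialNB().fit(TRAINING)
    for sentence, category, icon in explain_policy(SAMPLE_POLICY, model):
        print(f"{icon} {category:8} {sentence}")
```

With so little training data the classifier leans entirely on a handful of discriminative words (gps, email, billing); the add-one smoothing is what keeps a sentence with unseen words like "retained" from scoring minus infinity for every class.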
Guideline(s): Leverage Automated Decision-Making for Enhanced User Privacy Controls in Mobile Applications
Presented PriVs, an unobtrusive privacy permission recommendation system for mobile apps that balances privacy and usability. PriVs uses crowdsourced data to generate personalised privacy recommendations for users. The system collects users' privacy settings and feedback to refine recommendations continuously. It employs collaborative filtering methods to make privacy permission recommendations and allows users to approve, reject, or temporarily approve suggested settings.
Rui Liu, Jiannong Cao, Kehuan Zhang, Wenyu Gao, Junbin Liang and Lei Yang (2018). When Privacy Meets Usability: Unobtrusive Privacy Permission Recommendation System for Mobile Apps Based on Crowdsourcing. In IEEE Transactions on Services Computing, vol. 11, no. 5, pp. 864-878, 1 Sept.-Oct. 2018. https://doi.org/10.1109/TSC.2016.2605089
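The collaborative-filtering step described above, as an added example that is not the PriVs implementation: a user-based recommender computes cosine similarity between users over the app-permission settings they share, predicts an unset permission from the most similar users, and records approve, reject or temporary feedback. The crowdsourced settings are constructed, and the feedback semantics (temporary approvals stay out of the crowd data) are an assumption made here.

```python
"""User-based collaborative filtering for permission recommendations, in the spirit of PriVs.

Added example, not the PriVs implementation. Settings, the cosine-similarity
neighbourhood and the feedback handling are constructed here for illustration.
"""
import math

ALLOW, DENY = 1, -1

# Constructed crowdsourced settings: user -> {(app, permission): ALLOW/DENY}.
SETTINGS = {
    "u1": {("maps", "LOCATION"): ALLOW, ("chat", "CONTACTS"): ALLOW,
           ("flashlight", "LOCATION"): DENY, ("flashlight", "CONTACTS"): DENY},
    "u2": {("maps", "LOCATION"): ALLOW, ("chat", "CONTACTS"): ALLOW,
           ("flashlight", "LOCATION"): DENY, ("flashlight", "CONTACTS"): DENY},
    "u3": {("maps", "LOCATION"): DENY, ("chat", "CONTACTS"): DENY,
           ("flashlight", "LOCATION"): ALLOW, ("flashlight", "CONTACTS"): ALLOW},
    "target": {("maps", "LOCATION"): ALLOW, ("chat", "CONTACTS"): ALLOW},
}


def cosine(a: dict, b: dict) -> float:
    """Cosine similarity over the (app, permission) pairs both users have set."""
    common = a.keys() & b.keys()
    if not common:
        return 0.0
    dot = sum(a[k] * b[k] for k in common)
    norm_a = math.sqrt(sum(a[k] ** 2 for k in common))
    norm_b = math.sqrt(sum(b[k] ** 2 for k in common))
    return dot / (norm_a * norm_b)


def recommend(settings, user, item, k=3):
    """Predict ALLOW/DENY for `item` from the k most similar users who have set it.
    Returns (decision, confidence), or (None, 0.0) when no neighbour has an opinion.
    A negatively similar neighbour's vote is inverted by its negative weight."""
    neighbours = sorted(
        ((cosine(settings[user], other_settings), other)
         for other, other_settings in settings.items()
         if other != user and item in other_settings),
        reverse=True,
    )[:k]
    weight = sum(abs(sim) for sim, _ in neighbours)
    if weight == 0:
        return None, 0.0
    score = sum(sim * settings[other][item] for sim, other in neighbours) / weight
    return (ALLOW if score > 0 else DENY), abs(score)


def apply_feedback(settings, session_overrides, user, item, suggestion, response):
    """Assumed feedback semantics: 'approve' stores the suggestion as the user's
    setting (so it feeds back into the crowd data), 'reject' stores the opposite,
    'temporary' applies it for this session only without touching the crowd data.
    Returns the setting now in effect for the user."""
    if response == "approve":
        settings[user][item] = suggestion
    elif response == "reject":
        settings[user][item] = -suggestion
    elif response == "temporary":
        session_overrides[(user, item)] = suggestion
    else:
        raise ValueError(f"unknown response: {response}")
    return session_overrides.get((user, item), settings[user].get(item))


if __name__ == "__main__":
    overrides = {}
    for item in (("flashlight", "LOCATION"), ("flashlight", "CONTACTS")):
        decision, confidence = recommend(SETTINGS, "target", item)
        print(item, "->", "ALLOW" if decision == ALLOW else "DENY", round(confidence, 2))
        apply_feedback(SETTINGS, overrides, "target", item, decision, "temporary")
    print("session overrides:", overrides)
```

The target user agrees with u1 and u2 on every shared setting and disagrees with u3 on all of them, so the flashlight app's LOCATION request is recommended as DENY with full confidence; u3's ALLOW counts against it rather than for it because u3's similarity is negative.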
Guideline(s): Implement Collaborative Privacy Management for Shared Data in Social Networks
Tackled the challenge of resolving access policy conflicts for co-owned items in Online Social Networks (OSNs). The authors introduced the "dislike relation" concept, where users may not want their relationships inferred from shared items. The proposed solution uses a communication-intensity-based scheme to measure social intimacy between the visitor and the co-owners, enabling more nuanced access control. By calculating social intimacy through factors like effective communication, communication popularity, and emotional tendency, the scheme decides which co-owners' images should be visible to which visitors.
Liang Fang, Lihua Yin, Qiaoduo Zhang, Fenghua Li, and Binxing Fang (2017). Who Is Visible: Resolving Access Policy Conflicts in Online Social Networks. In GLOBECOM 2017 - 2017 IEEE Global Communications Conference, Singapore, 2017, pp. 1-6. https://doi.org/10.1109/GLOCOM.2017.8254015
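The intimacy-based resolution described above, as an added example that is not the authors' scheme: an item is shown to a visitor only if every co-owner either allows them explicitly or is intimate enough with them, and never if any co-owner has a dislike relation with them. The three factors are scored here as reply rate (effective communication), the visitor's share of the co-owner's traffic (communication popularity) and mean message sentiment (emotional tendency), combined with assumed weights; the communication log, the policies and the dislike semantics are all constructed for illustration.

```python
"""Resolving co-owner policy conflicts by social intimacy, in the spirit of Fang et al.

Added example, not the authors' scheme. Factor definitions, weights, the
communication log and the policies are assumptions made for illustration.
"""
from dataclasses import dataclass, field

# Constructed log: (co_owner, visitor) -> (messages the co-owner sent, replies received,
# mean sentiment of the exchange in [-1, 1]).
COMM = {
    ("ann", "vic"): (40, 35, 0.6),
    ("ann", "wes"): (3, 1, -0.2),
    ("ben", "vic"): (10, 9, 0.3),
    ("ben", "wes"): (25, 20, 0.5),
}

WEIGHTS = (0.4, 0.3, 0.3)  # assumed weights: effective, popularity, emotional


@dataclass
class CoOwnerPolicy:
    allow: set = field(default_factory=set)     # visitors explicitly permitted
    dislike: set = field(default_factory=set)   # visitors this co-owner refuses to be linked to
    threshold: float = 0.5                      # minimum intimacy for implicit access


def intimacy(co_owner: str, visitor: str, comm=COMM, weights=WEIGHTS) -> float:
    """Weighted sum of three factors, each scaled to [0, 1]."""
    msgs, replies, sentiment = comm.get((co_owner, visitor), (0, 0, 0.0))
    total = sum(m for (owner, _), (m, _, _) in comm.items() if owner == co_owner)
    effective = replies / msgs if msgs else 0.0      # reciprocity of the conversation
    popularity = msgs / total if total else 0.0      # share of the co-owner's traffic
    emotional = (sentiment + 1) / 2                  # sentiment mapped onto [0, 1]
    w_e, w_p, w_m = weights
    return w_e * effective + w_p * popularity + w_m * emotional


def visible_to(visitor: str, policies: dict, comm=COMM) -> bool:
    """All co-owners must consent, explicitly or via intimacy; a dislike relation vetoes."""
    for owner, policy in policies.items():
        if visitor in policy.dislike:
            return False
        if visitor in policy.allow:
            continue
        if intimacy(owner, visitor, comm) < policy.threshold:
            return False
    return True


def conflict_report(visitors, policies, comm=COMM) -> dict:
    """Per-visitor visibility decision for one co-owned item."""
    return {v: visible_to(v, policies, comm) for v in visitors}


if __name__ == "__main__":
    policies = {
        "ann": CoOwnerPolicy(threshold=0.5),
        "ben": CoOwnerPolicy(threshold=0.6, dislike={"wes"}),
    }
    for v in ("vic", "wes"):
        print(v, {o: round(intimacy(o, v), 3) for o in policies})
    print(conflict_report(["vic", "wes"], policies))
```

On the sample log vic clears both thresholds and sees the item, while wes is too distant from ann to qualify; adding wes to ann's allow list still does not help, because ben's dislike relation vetoes regardless of how the other co-owner votes.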